External Path Protection Discussion
By Curtis E. Stevens
15-Oct-2007
Slide 2
Agenda
- SCSI Protection Information Overview
- SCSI Protection Information Usage
- SCSI Protection Information Usage Model
- ATA External Path Protection
- Development Questions
Slide 3
SCSI Protection Information Overview
Slide 4
Sector Format Overview
- Data Layout
  - Data: User Data
  - BLK_GRD: 16-bit CRC on the user data (does not guard the 8 bytes of protection information)
  - APP_TAG: 16 bits, application client specific, may be adjusted in type 2 protection information
  - REF_TAG: 32 bits, depends on the protection information (PI) type
Slide 5
Type 1 Protection
- Application: Standardized locality and CRC checking in systems where the application client communicates with a single drive or soft RAID
- BLK_GRD: 16 bit CRC on the user data
- REF_TAG: low order 32 bits of the LBA
- APP_TAG: application client specific information
- Protection only available for 6-, 10-, 12-, and 16-byte commands
  - 32-byte commands requesting protection information are aborted
  - Protection information for 32-byte commands is type 2 only
Slide 6
Type 2 Protection
- Application: Standardized locality and CRC checking in hardware RAID systems that receive an LBA from the host and then pass the data through multiple target/initiators. In this case, the REF_TAG retains its original value and is not necessarily related to the LBA.
- BLK_GRD: 16 bit CRC on the user data
- REF_TAG, APP_TAG, APP_TAG MASK provided in CDB
  - REF_TAG may NOT be low order 32 bits of LBA on destination target device
  - APP_TAG: application client specific information
  - APP_TAG MASK may further qualify APP_TAG data
  - Protection only available to 32 byte commands
  - 6-, 10-, 12-, and 16-byte commands requesting type 2 protection information shall be aborted
Slide 7
Type 3 Protection
- Application: Standardized CRC checking in systems where the application client provides additional protection in an application client specific manner
  - Applies to systems where there is a value proposition for only checking BLK_GRD in the device.
  - Allows intermediary target/initiator devices to remap REF_TAG and APP_TAG as command moves through large system to adjust for different views of configuration
  - Provides a way for the host to do 48-bit locality checking
  - Provides a way for the host to do non-standard locality checking
- BLK_GRD: 16 bit CRC on the user data
- REF_TAG and APP_TAG: Provided by application client and not checked by device
Slide 8
SCSI Protection Information Usage
Slide 9
Discovery
- Standard INQUIRY data: the PROTECT bit
  - Informs the application client that the device is capable of supporting the Protect Information Model
- Extended Inquiry VPD page
  - SPT field: Indicates the protection types supported by the device. Only 4 options: None, Type 1, Type 1 and Type 2, Type 1 and Type 3.
  - GRD_CHK, APP_CHK, REF_CHK: Indicate which fields the device is capable of checking
- READ CAPACITY (16)
  - The PROT_EN bit indicates that the device has been formatted with protection
  - The P_TYPE field indicates the protection type the target is formatted with
Slide 10
Setting up the Device
- FORMAT UNIT
  - FMTPINFO: Enables/Disables protection. Since SBC-3 limits the combination of protection types the device may report, only 1 bit is needed to turn it on.
  - RTO_REQ: The Reference Tag Owner distinguishes between Type 1 protection and other types. If the device owns the reference tag, the host shall supply a correct one and the device can check or generate based on the LBA. If the application client owns the reference tag, the device shall never change the REF_TAG field and may check it for Type 2
  - The device shall write the Protection Information as FFFF_FFFF_FFFF_FFFFh during the format process. This initializes the protection information to the escape sequence for all protection types.
- Control Mode Page
  - The ATO bit: When the host performs a User Data only transfer, the ATO bit specifies that the Protection Information be the Escape Sequence or Valid protection information.
Slide 11
Escape Sequence
- Type 1 and Type 2 protection: when the APP_TAG field is FFFFh, the device shall not check the BLK_GRD or REF_TAG fields
- Type 3 protection: when the APP_TAG and REF_TAG are FFFFh and FFFF_FFFFh respectively, the device shall not check the BLK_GRD field
Slide 12
APP_TAG
- This field is normally host vendor specific information and is simply stored by the device with the other protection information fields
- When the application client provides a read/write command that does not transfer protection information what does the device do?
  - The ATO (application tag owner) bit in the Control mode page determines the behavior
  - When the application client owns this field, the device shall insert FFFFh in APP_TAG field. This has the effect of disabling checking for BLK_GRD and REF_TAG
  - When the device owns this field, the device may insert a vendor specific value. This has the effect of allowing the device to place a value other than FFFFh and provide valid BLK_GRD and REF_TAG fields where appropriate.
Slide 13
Protected Media Access
- ORWRITE, WRITE, READ, VERIFY, WRITE AND VERIFY
  - Fieldnames: ORPROTECT, WRPROTECT, RDPROTECT, VRPROTECT
- A value of zero invokes a legacy operation
  - Only user data is transferred at the interface, no protection information is transferred
  - Protection Information is generated or stripped as necessary
- A value other than zero indicates:
  - That Protection information is transferred, if the target is formatted with protection information
  - The type of checking that the target will perform on the protection information
Slide 14
Protection Information Usage Models
Slide 15
Sample Usage Models
- Protects data from the controller through the drive path.
- Protects host memory while the data is controlled by the driver
  - Remains transparent to the rest of the system
Slide 16
Sample Usage Models
- Protects host memory while the data is controlled by the filesystem and driver
  - Remains transparent to applications
- Provides full system round-trip data protection
Slide 17
Differentiating Type 1 and Type 2
- Type 1 protection: REF_TAG changes when the LBA is changed by the RAID controller
- Type 2 protection: The REF_TAG remains the same as the data passes through the RAID controller
Slide 18
ATA External Path Protection
Slide 19
Foundational Principles
- Assumes no FORMAT UNIT command
- Assumes devices are pre-formatted with either valid protection information or the escape sequence
- Read and write commands will not be modified
- All changes in protection field transfer, checking and generation will be modal
Slide 20
Summary of SCSI Protection Information
- Transfer of protection information may be changed on a command by command basis
- BLK_GRD and REF_TAG checking may be changed on a command by command basis
- APP_TAG is a field only useful to the application client
  - If the protection information is not transferred then ATO may be used to place the device in a mode where an escape sequence is inserted, or valid protection information is inserted.
Slide 21
ATA w/Type 1 and Type 3 protection
- Provide SET FEATURES for
  - Enable/Disable Protection Information Transfer (following user data)
  - Enable/disable Escape Sequence: provides functionality of ATO bit
  - Escape Sequence type: differentiates between type 3 and other types
  - BLK_GRD and REF_TAG checking enable/disable: Disabling REF_TAG checking is the same as Type 3 operation
- SCT Write Same could be used to force valid protection information onto the media.
Slide 22
Escape Sequence
- Follows the same requirements as SCSI
- If BLK_GRD or REF_TAG checking is enabled and the escape sequence is encountered in the protection information, then the BLK_GRD and REF_TAG shall not be checked by the device.
- If Escape Sequence Type is set to APP_TAG=FFFFh then whenever the APP_TAG=FFFFh, the protection information shall not be checked by the device.
- If Escape Sequence Type is set to APP_TAG=FFFFh and REF_TAG=FFFF_FFFFh then whenever the APP_TAG=FFFFh and REF_TAG=FFFF_FFFFh, the protection information shall not be checked by the device.
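Added example (not part of the original slides): a device-side check of the 8-byte protection information tuple from the Sector Format Overview slide, applying the escape-sequence rules from the SCSI and ATA Escape Sequence slides with modal BLK_GRD/REF_TAG checking enables. The function and enum names are hypothetical; the big-endian field encoding and the guard CRC parameters (polynomial 0x8BB7, initial value 0) are not stated on the slides and come from the T10 definition of the guard field.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Added example: names and the big-endian tuple layout are assumptions. */
enum esc_type { ESC_APP, ESC_APP_AND_REF };  /* Type 1/2 rule vs Type 3 rule */
enum pi_result { PI_OK, PI_SKIPPED, PI_GUARD_ERR, PI_REF_ERR };

/* BLK_GRD CRC: polynomial 0x8BB7, initial value 0, no reflection, no final XOR. */
uint16_t crc16_t10dif(const uint8_t *p, size_t n) {
    uint16_t crc = 0;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int b = 0; b < 8; b++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x8BB7 : crc << 1);
    }
    return crc;
}

/* Fill the 8 bytes that follow the user data: BLK_GRD, APP_TAG, REF_TAG. */
void pi_build(uint8_t pi[8], const uint8_t *data, size_t n, uint16_t app, uint32_t ref) {
    uint16_t g = crc16_t10dif(data, n);   /* guard covers user data only */
    pi[0] = (uint8_t)(g >> 8);    pi[1] = (uint8_t)g;
    pi[2] = (uint8_t)(app >> 8);  pi[3] = (uint8_t)app;
    pi[4] = (uint8_t)(ref >> 24); pi[5] = (uint8_t)(ref >> 16);
    pi[6] = (uint8_t)(ref >> 8);  pi[7] = (uint8_t)ref;
}

/* Device-side check. chk_guard and chk_ref model the modal checking enables. */
enum pi_result pi_verify(const uint8_t pi[8], const uint8_t *data, size_t n,
                         uint32_t want_ref, int chk_guard, int chk_ref, enum esc_type esc) {
    uint16_t g   = (uint16_t)(pi[0] << 8 | pi[1]);
    uint16_t app = (uint16_t)(pi[2] << 8 | pi[3]);
    uint32_t ref = (uint32_t)pi[4] << 24 | (uint32_t)pi[5] << 16 | (uint32_t)pi[6] << 8 | pi[7];
    /* Escape sequence: skip all checking, e.g. on freshly formatted sectors. */
    if (app == 0xFFFF && (esc == ESC_APP || ref == 0xFFFFFFFFu)) return PI_SKIPPED;
    if (chk_guard && g != crc16_t10dif(data, n)) return PI_GUARD_ERR;
    if (chk_ref && ref != want_ref) return PI_REF_ERR;
    return PI_OK;
}

int main(void) {
    uint8_t sector[512], pi[8];          /* constructed sample sector */
    memset(sector, 0xA5, sizeof sector);
    uint64_t lba = 0x100000010ULL;
    pi_build(pi, sector, sizeof sector, 0x0001, (uint32_t)lba); /* Type 1: low 32 bits */
    sector[7] ^= 0x01;                   /* single-bit corruption in transit */
    printf("%d\n", pi_verify(pi, sector, sizeof sector, (uint32_t)lba, 1, 1, ESC_APP));
    return 0;
}
```

Calling pi_verify with chk_ref set to 0 gives the Type 3 style behaviour described above, where only BLK_GRD is checked by the device.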
Slide 23
Open Items
Slide 24
ATA w/Type 2 Protection
- In SCSI, when the media is formatted with Type 2, only the 32 byte media access CDBs work. The other ones (6, 10, 12, and 16) are defined to fail
  - This is because the REF_TAG field is provided as a part of the CDB.
- Still studying usage model for mapping into T13 commands
  - Is it reasonable to program in an offset that applies to the entire device until changed?
- How do we deal with APP_TAG and APP_TAG MASK?
  - Maybe we do not support these?